Software Releases
Current Release - Release Notes ECA
Home



These Release Notes cover the Superna Eyeglass ECA deployed with Superna Eyeglass Ransomware Defender and Superna Eyeglass Easy Auditor and Superna Eyeglass Performance Auditor

What’s New in Superna Eyeglass Easy Auditor Edition and Ransomware Defender Edition

Release 2.5.8

What’s New! In Superna Eyeglass Easy Auditor Edition and Ransomware Defender Edition Release 2.5.8 can be found here.




Supported OneFS releases

8.2.0.x

8.2.1.x

8.2.2.x

9.0

9.1

9.2

9.3


Supported Eyeglass releases

Superna Eyeglass ECA Version


Superna Eyeglass Version


2.5.8.1-22116
2.5.8.1-22116
2.5.8.1-22100
2.5.8.1-22100
2.5.8.1-22080
2.5.8.1-22080
2.5.8-22028
2.5.8-22028
2.5.8-21330
2.5.8-21330
2.5.8-21306
2.5.8-21306
2.5.7.1-21161
2.5.7.1-21161
2.5.7.1-21140 2.5.7.1-21140
2.5.7-210962.5.7-21096
2.5.7-210812.5.7-21081
2.5.7-210682.5.7-21068
2.5.6-202632.5.6-20263
2.5.6-202582.5.6-20258
2.5.6-201582.5.6-20158
2.5.6-200842.5.6-20084
2.5.6-200692.5.6-20069
2.5.6-200632.5.6-20063
2.5.6-200562.5.6-20056
2.5.5-200192.5.5-20019
2.5.5-192342.5.5-19234
2.5.5-192262.5.5-19226
2.5.5-19219
2.5.5-19219
2.5.5-191882.5.5-19188

2.5.5-19184

2.5.5-19184



End of Life Notifications

End of Life Notifications for all products are available here.


End of Support in 2.5.8

Following features will no longer be supported as indicated below:
  1. As of Release 2.5.8
    1. Support for OneFS 8.0.x.x releases
    2. Support for OneFS 8.1.x.x releases


Deprecation Notices

No deprecation notices at this time.


New/Fixed in this Release

New/Fixed in 2.5.8.1-22116

Refer to previous build information.

New in 2.5.8.1-22100

T22855 Turboaudit - Use REST API instead of NFS for listing directories

For cases where high bandwidth consumption by turboaudit listing directories when there are high number of audit log gz files, REST API can be used to list the audit log directories instead of NFS which uses less bandwidth.

Fixed in 2.5.8.1-22100

Refer to previous 2.5.8 build information.

New in 2.5.8.1 - 22080

T20992 ECA Event Rate Alarms

Warning severity alarm for audit event rate ingestion and audit database save rate to detect network issues or NFS mount issues that block processing of audit event data.

—————————————————–

T22857 NFSv4 for ECA

NFSv4 is now the default for mount to audit log directory from ECA VMs.

Fixed in 2.5.8.1-22080

T20753 Error in Manage Services for vaultagent and taskmaster

In 2.5.8 Manage Services shows an error for the vaultagent and taskmaster components. Impact: None to Ransomware Defender, Easy Auditor or Performance Auditor as these components are not required for these products.

Resolution: Manage Services no longers shows this error for products where these components are not required.



New in 2.5.8-22028

Refer to previous 2.5.8 build information.

Fixed in 2.5.8-22028

T21992 - Fix for boot issue during OVF deploy

New in 2.5.8-21330

Refer to previous 2.5.8 build information.

Fixed in 2.5.8-21330

Security

T22171 - Log4j Vulnerability - Upgrade to Log4j 2.17.0 (2.5.8-21330 and higher Log4j 2.17.0 )

New in 2.5.8-21306

T20989 Event Retrieval and Send Rates available from GUI

The audit event receive and send rate which the Ransomware Defender, Easy Auditor and Performance Auditor rely on are now available from the Manage Services window by selecting the ECA Monitor button. Event rate graph opens in a new tab and must be authenticated using the ecaadmin user. More information can be found here.

—————————————————

T21097 ECA Cluster disk management optimization

ECA cluster disk management optimization for event retention will be reduced to reduce disk space requirements in the VM's.  Events will be buffered for 1 hour or 512 MB x 9 or 4.6 GB of event data.


Fixed in 2.5.8-21306

T22033 Log4j Vulnerability - CVE-2021-44228

Resolution: log4j version updated to 2.15.0 which has patch for the vulnerability.


Technical Advisories

Technical Advisories for all products are available here.



Known Issues

General


T8309 ecactl cluster up may continue despite hbase errors

In some cases the "ecactl cluster up" command may continue when it encounters hbase errors. 

Workaround: Please open a support case support.superna.net for assistance with hbase errors.

—————————————————–

T7367  Issues when ecactl cluster up interrupted

Interrupting "ecactl cluster up" before it has completed may result in misconfigured references for ECA nodes. This can result in ECA components starting on incorrect ECA node or may prevent ECA components from coming up at all.

Resolution: Please open a support case support.superna.net for assistance. 

—————————————————–

T13247 ECA fails to retrieve audit events from all PowerScales if one PowerScale is unreachable via autonfs

When multiple PowerScale clusters are being monitored, an unreachable PowerScale cluster may block ECA turboaudit component from retrieving events from the reachable PowerScale cluster(s).

Workaround: Contact support.superna.net to assist in recovering from this condition.

—————————————————–

T22210 Intermittent Hbase Validation Warning in Manage Services with Mini ECA

For deployments with Mini ECA, Hbase validation warning may appear intermittently and recover on its own to OK possibly due to latency from the Mini ECA nodes.  Impact: In this case there is no impact to the Ransomware Defender or Easy Auditor functionality.


Workaround: Use the Manage Services ECA Monitor Event Rate graph to confirm that evtarchive component has rate for Received events and Sent events.  Configure RoboAudit to run daily to verify Easy Auditor query functionality.


—————————————————–

T22450 Audit database save rate alarm raised for Ransomware Defender Only Deployments

The RSW0027 audit database save rate alarm is incorrectly raised for Ransomware Defender only deployments.

Workaround: Contact support.superna.net to change the evtarchive_event_rate_alarm_threshold threshold for this alarm to 0 in your environment so that alert is not triggered.

—————————————————–

T23212 REST API continues to query cluster after removed

Turboaudit configured to use REST API to list audit log directories will continue to query clusters that have been removed for management from the Eyeglass interface.

Workaround: Contact support.superna.net for manual procedure for workaround.



Known Limitations

General


T8228 ECA Alarms not cleared automatically

ECA related alarms that appear in the Eyeglass Alarms window will not be cleared automatically. 

Workaround: Alarms must be manually cleared. Open the Alarms window on the Eyeglass web interface and select the Clear link for the alarm that you would like to clear.

—————————————————–


T15457 HTML 5 vmware vcenter bug on OVA deployment

 Some versions of vmware vcenter HTML user interface have a known issue with OVA properties being read correctly post power on, leading to first boot issues.


Workaround: use the Flash client as a work around.


—————————————————–

T17103 ECA version intermittently reported incorrectly

At times the ECA nodes report an incorrect version resulting in the RSW0010 alarm that ECA node version does not correspond to eyeglass version. This is an intermittent condition that clears itself without any action and does not impact ECA functionality.

—————————————————–

T22924 ECA event rate alarm notification first instance

The ECA event rate alarm notification is sent on the first instance the alarm is raised. If alarm condition is met subsequently without clearing the alarm no further notification is sent.

© Superna Inc